MPAA Fires Back at AACS Decryption Utility

RulerOf writes "The AACS Decryption utility released this past December known as BackupHDDVD originally authored by Muslix64 of the Doom9 forums has received its first official DMCA Takedown Notice. It has been widely speculated that the utility itself was not an infringing piece of software due to the fact that it is merely "a textbook implementation of AACS," written with the help of documents publicly available at the AACS LA's website, and that the AACS Volume Unique Keys that the end user isn't supposed to have access to are in fact the infringing content, but it appears that such is not the case." From the thread "...you must input keys and then it will decrypt the encrypted content. If this is the case, than according to the language of the DMCA it does sound like it is infringing. Section 1201(a) says that it is an infringement to "circumvent a technological measure." The phrase, "circumvent a technological measure" is defined as "descramb(ling) a scrambled work or decrypt(ing) an encrypted work, ... without the authority of the copyright owner." If BackupHDDVD does in fact decrypt encrypted content than per the DMCA it needs a license to do that."

well..

[pair-a-noyd (594371)]

1. Horse
2. Gate
3. ???
4. Profit!

why bother

[mastershake_phd (1050150)]

Legality aside, they must know they will never eliminate this utility. DVD Decrypter is still easy enough to find. And that is something a lot of people might be interested in compared to the number of people who actually own a HD Disc.

Re:why bother

[Curtman (556920)]

Legality aside, they must know they will never eliminate this utility. DVD Decrypter is still easy enough to find.

It's a shame that they dropped the case against Decss [wikipedia.org]. Hopefully they won't this time and they'll lose fair and square.

Re:why bother

[melikamp (631205)]

Implementation of this specification requires a license from AACS LA LLC.

IANAL, but what the hell does that mean? There are only two relevant "IP" laws: copyright and patent. Since the code is original, copyright does not apply. Is AACS patented then? Again, I have no idea what exactly the legislation is, but I would assume that in most jurisdictions the law does not apply to PCs. I am under an impression that there might be a patent on a device with the said software, but that would probably not apply to a general-purpose device which can run any software.

Re:why bother

[digitalunity (19107)]

Close. The misnomer "Intellectual Property" is typically a trifecta - Copyright, Patent and Trademarks. It would be difficult to bring a trademark suit into this matter since the author of this tool is not misrepresenting their tool under the auspices of a tool trademarked by another company.

Patents are an easy one. If the AACS encryption is covered by patents(which it probably is) there's a good case for patent infringement. I won't go this particular here. As far as I am concerned, if the encryption can be broken by information release by the patent holder outside of the realm of a patent application, it's fair game.

Copyrights are a tough nut to crack. Without the DMCA, the tool would probably fall under fair use. With DMCA provisions, it would most likely qualify as an 'circumvention' device. Very sad, but under existing law, it's unavoidable.

Solution?
1) Ignore the laws. Release the software from an unfriendly neighbor country.
2) Lobby.
3) Lawyer up.
4) Start shooting lawmakers.

Picked a bad example

[wmansir (566746)]

DVD Decrypter is easy to find, but Lightning UK was forced to stop development and take down the original site because of legal threats. Fortunately he continued to develop the excellent burning portion of the program with ImgBurn [imgburn.com]. As a result of the legal threats DVD Decrypter itself is now outdated as it cannot handle the some of the latest copy protections without assistance. RipIt4Me [ripit4me.org] is a much better option for the latest DVD releases.

So let me get this straight...

[physicsnick (1031656)]

They're firing back at the total and utter destruction of AACS by using... lawyers.

Yeah. That'll stop piracy.

Re:So let me get this straight...

[Dr. Eggman (932300)]

Lacky: "Sir! Pirates in the nets, breakin' yur AACS!"
MPAA: "We must respond with out most powerful weapon: Ready the Lawyer Cannons."

Re:So let me get this straight...

[The Real Toad King (981874)]

Lacky: "But sir! Wouldn't firing our lawyers out of cannons seriously injure them?"
MPAA: "I SAID READY THE LAWYER CANNONS GODDAMMIT!"

Re:So let me get this straight...

[denmarkw00t (892627)]

Lacky: "But, I am le tired..." MPAA: "Well, take a nap and then FIRE ZE LAWYERS!"

Law

[mfh (56)]

There are laws, legal interpretations and then there is reality; the courts will connect this program to its most wide use, not its intended use.

Why do we keep using the same methods of our oppressors against ourselves? For CREDIT??? For PERSONAL GAIN???

A note to any future coders of freedom; write it anonymously and just release it into the wild. Do not claim the rights over it for your benefit because that is exactly how they keep shutting you down. They can't fight a ghost! ;-)

Re:Law

[Skreems (598317)]

I'm pretty sure muslix64 (or whatever his alias is) HAS remained anonymous. But they can file take-down notices against anyone hosting the thing.

Re:Law

[Chandon Seldon (43083)]

write it anonymously and just release it into the wild.

I absolutely agree that if our society had really degraded to the point that it was no longer safe to share information it would be possible for things like this to be posted with complete anonymity. If the world had truly become a horrible dystopian nightmare, that might even be absolutely necessary.

I like to think that we're not there yet, and that it's still safe for people to share what they know with full credit for the work they have done to obtain that knowledge. If the world has really progressed to the point where sharing simple knowledge is no longer safe, then we have a worse problem than simply being locked out of the content of some video disks.

Copyright?

[wiredlogic (135348)]

You can't copyright a telephone number. I don't see why an encryption key should be any different. It doesn't represent a creative work and should not be subject to copyright protections. At best an encrytion key would be considered a trade secret. Of course a "secret" that is readable to anyone with a debugger isn't much of a secret.

Re:Copyright?

[idonthack (883680)]

It's not the fact that the decryption key is known and distributed. It's the fact that muslix64's program is capable of decrypting a copyrighted work without permission. That's a violation of the DMCA.

Re:Copyright?

[Skreems (598317)]

I see what they're trying to do, but I don't understand how that should be legal. If I buy a HD-DVD, they're giving me permission to watch it. To do so, I have to decode it. I signed nothing at the time of purchase promising to watch it only with players they approve of. By all logic, they HAVE given me permission to decrypt it.

Re:Copyright?

[cpt kangarooski (3773)]

If I buy a HD-DVD, they're giving me permission to watch it. To do so, I have to decode it. I signed nothing at the time of purchase promising to watch it only with players they approve of. By all logic, they HAVE given me permission to decrypt it.

Not quite.

It's a bit easier to use DVDs as an example for this, rather than Bluray or HDDVD, since they're not as well documented.

The movie studios encrypted discs with CSS. They then gave the DVDCCA the power to grant authorizations to decrypt and access those movies. The DVDCCA in turn authorized the player manufacturers to build players that could handle that decryption, provided that they conformed to certain requirements (e.g. respect region codes, add macrovison to the outputs). The permission is granted, therefore, to the disc-playing machine, not the owner or user of the machine, nor the owner or user of the disc itself.

This is why, when you watch a DVD on an approved player, it is lawful with regards to access-controls, regardless of whether the DVD is lawfully made and possessed, lawfully made but stolen, or unlawfully made (and yet still encrypted for some reason). But it is unlawful to watch a DVD on an unapproved player, regardless of the provenance of the DVD.

So no, when you bought the DVD, you did not get permission to decrypt it. But so long as your player is approved, then it isn't unlawful for you to use it -- or for anyone to use it -- without having to be given permission themselves.

I'm pretty confident that the newer generation formats work in substantially the same way.

Re:Copyright?

[ewhac (5844)]

What utter sophistry. If this is the true state of intellectual "property" law in this country, I suggest you change specializations before your soul starts dissolving away.

Playing a movie DVD constitutes a performance of a copyrighted work. A license to perform the work in a private residence is concomitant with the purchase of a copy. There is nothing anywhere that says how you must perform the work. The license is relevant only to the performance, not the performer. You may perform the work either in a super-uber high-end jewel-encrusted DVD player, or in a crufty piece of junk you bought second-hand at Salvation Army.

...Or, in a DVD player program you wrote yourself.

I don't need "permission" to write a program, I don't need "permission" to run a program, and I don't need "permission" to have that program crunch on data in my lawful posession. The End. There is nothing inherent in the statutes or the Uniform Commercial Code that grants copyright holders the right to constrain the method of performance, nor can it be reasonably argued that they should enjoy such a right.

As for the DMCA, well, that needs to be repealed yesterday.

Schwab

Re:Copyright?

[cpt kangarooski (3773)]

A license to perform the work in a private residence is concomitant with the purchase of a copy.

Utterly and hilariously wrong.

No such license ever, ever, ever exists. The reason being that it is impossible to license something that you haven't got to begin with. Copyright is a limited collection of rights; it does not apply to every single thing in connection with a work. In particular, the right of performance is a part of copyright. But only of public performance. Copyright holders have no right whatsoever to control private performance. Not having that right, they cannot license others.

Everyone has the right to privately perform any damn thing that they like. It's a part of free speech, and is not limited by copyright. Public performances are what's limited by copyright. Public performances are the performances that can be licensed.

If you're going to complain about my knowledge of the law, it would help if you knew something about it first.

In any event, we're not talking about copyright law, per se. We're talking about circumvention law, which for all anyone knows isn't even pursuant to the copyright power. It is its own beast, and in the case of DVDs at least, it operates as I have described it. The UCC is irrelevant to this discussion, as is anything other than 17 USC 1201 et seq.

I agree that much of the DMCA is very bad, but I think that it's vital that people understand just how bad, without suffering from any misconceptions, such as yours, in order to get support for copyright laws that we can actually be happy with, if not proud of.

Re:Copyright?

[cpt kangarooski (3773)]

I'd be surprised if, in most cases, the DVD made for retail differed at all from the DVDs made for rental. In fact, they even tend to hit shelves at the same time. And in any event, it's also legal to rent any lawfully made copy of a DVD without special permission, so it would only matter for the big chains that could negotiate early access anyway. Also, the warning wouldn't need to be there for the distributor -- they would have a contract that would lay out all the terms.

No, it's there to be read by end users, who will hopefully not question the strong wording.

What I don't understand is why, if I've encoded something using AACS, that I own the copyright to, why I'm not entitled to give permission to any and all to use an AACS decryption program to decrypt my copyrighted work. Wouldn't that basically make possession and distribution of such a decryption program be unaffected by the provisions of the DMCA (since it would be "with the authorization of the copyright owner")?

Or, in the world of regular DVDs, if you made CSS-encoded DVDs, couldn't you authorize people to use DeCSS, which would legitimize it? Feel free to give it a shot, but I doubt a court will go for it in the real world.

Doing so doesn't automatically make any 3DES or AES decryption program a DMCA violation, that would be silly!

A lot depends on the reasons for which someone distributes a copy. If RSA distributes a general-purpose decryption program using 3DES, then they'll be fine, even though it could be used against 3DES encrypted movies. If Doom9 does it, then they're not going to be fine, since they really only ever distribute anything for it to be used in conjunction with movies. That they might even be identical programs isn't relevant. Intent isn't something that is found in the bits of the program, but the law can still recognize and infer from the circumstances.

Re:Copyright?

[Skreems (598317)]

That's all well and good, but it seems borderline illegal for them to give me something and then require that it only be used with other products they approve of. It's like car manufacturers putting special-shaped gas nozzles on, saying you can only fill up at licensed gas stations, and then suing you if you modify the nozzle to work with other stations.

Re:Copyright?

[cpt kangarooski (3773)]

I would say (and IANAL) that when a customer buys a DVD (s)he also obtains the implicit right to view it. It's not the consumer's issue how that technology is licensed.

It is illegal for the consumer to access the work, if there is an access control, if the consumer lacks authorization. The studios never give consumers authorization (and the implied authorization argument has, so far, fallen flat). Rather, they authorize devices, which can be used by people who themselves lack authorization. That is, the authorization is an attribute which flows through the player, rather than the disk. (Though it's still attached to the player -- the owner doesn't have authorization, save for with regard to that player; a possessor of the player has authorization with regard to that player, even if he isn't the owner, etc.)

From the programmers' point of view, as long as the code that they write isn't taken from a licensed user of the software, they're not violating copyright -

This conversation is about access and circumvention. We are not talking about copyright, which is a different, though related subject.

and as long as the primary purpose of the code is simply to view the DVD, then I think that that (at least arguably) keeps them on the good side of the DMCA.

That argument has been tried, and it has failed. Feel free to keep trying a loser argument, but don't be surprised when it keeps on being a loser. I'm not suggesting how I want things to be, I'm describing how things are. You'll have better luck coping with this, and in changing things for the better, if you deal with reality, rather than pretend that things presently are how you wish they would be.

Re:Copyright?

[AoT (107216)]

I assume you've also never signed anything that says you won't break into houses and crap on the floor.

Yeah, but if I buy a bottle of coke I don't see any reason I shouldn't piss in it.

And what's more, if you sell me a sheet of paper with a code on it and then get pissed when I break it, you're going to have to start prosecuting all us folks who do the crypto-quote in the newspapers. That's illegal, too.

Re:Copyright?

[EvanED (569694)]

No, see, you're thinking about laws rationally. Stop it.

Re:Copyright?

[tricorn (199664)]

Actually, I own the disc, AND I own a copy of the contents, which I can use in any way not restricted by copyright. I don't own the copyright on the contents, but it is certainly an "authorized copy", and I've purchased it, I own it, and I have rights to use it in certain ways. When copyright law talks about "owner of an authorized copy", it isn't talking about the copyright owner, it's talking about ME.

Re:Copyright?

[Mattsson (105422)]

While you could contort this into meaning they've given you permission to decrypt it, they've not given you the right to obtain the keys you would need to do so.

By selling me a HD-DVD/Bluray-disc, they give me permission to decrypt said content, but they do not give me the tools or keys to do so.
When, for instance, Toshiba sell me an HD-DVD player, they sell me a tool to do the decryption with and a key, although a bit hidden.

I now own an encrypted media-file and a key to decrypt it.
What tool I use to decrypt this legally acquired file with my legally acquired key with should be no ones business but my own.

Re:Moving?

[twistedcubic (577194)]

Try New Zealand:

- Relatively low murder rate
- Democracy in more than name only
- Mostly WASP population
- English Speaking - Technologically forward looking
- Good infrastructure
- No thought police, DMCA or Dumbya.


Is this one of those puzzles where you try to figure out the item in the list which doesn't belong?

Isn't AACS encryption just AES?

[RalphBNumbers (655475)]

Going by the 'logic' in the article, *all* AES implementations (i.e. software included on most of the world's computers) are forbidden by the DMCA.
After all, someone somewhere might use any of them, along with a key acquired separately, to decrypt some media for which they don't own the copyright.

Single Page Thread

[TubeSteak (669689)]

http://forum.doom9.org/showthread.php?t=122770&pp= 40 [doom9.org]
Coral Link [nyud.net]

&pp=40 works on most (all?) vBulletin boards.
(The default is 20 posts per page)

Turtles all the way down

[$uperjay (263648)]

My web browser allowed me to download this utility which allowed me to circumvent this encryption. Is it in violation of the DMCA?

My operating system allowed me to operate this web browser which allowed me to download this utility which allowed me to circumvent this encryption. Is it in violation of the DMCA?

My computer allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption. Is it in violation of the DMCA?

My university's computer store sold me the computer which allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption. Is it in violation of the DMCA?

My government runs the university which runs the computer store which sold me the computer which allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption. Is it in violation of the DMCA?

My fellow citizens elected the government which runs the university which runs the computer store which sold me the computer which allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption. Are they in violation of the DMCA?

Some MPAA members are citizens who elected the government which runs the university which runs the computer store which sold me the computer which allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption. Are they in violation of the DMCA?

Some MPAA members worship a deity who allegedly convinced them to elect the government which runs the university which runs the computer store which sold me the computer which allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption. Is He in violation of the DMCA?

etc., etc.

Re:Turtles all the way down

[StikyPad (445176)]

Some MPAA members worship a deity who allegedly convinced them to elect the government which runs the university which runs the computer store which sold me the computer which allowed me to run my operating system which allowed me to download this utility which allowed me to circumvent this encryption... ...in the hole at the bottom of the sea.

Absolutely correct...

[TomRC (231027)]

"If BackupHDDVD does in fact decrypt encrypted content than per the DMCA it needs a license to do that."

Yep - and the users who are entering keys for encrypted content should do exactly that. The software is no more a violation of DMCA than is the PC it runs on. Oh wait - I guess that's where we're headed, isn't it?

Just?

[dosius (230542)]

I believe a law written to keep people from doing what they want with what they set out money for is unjust, and my belief is that unjust law should be "flagrantly ignored". DMCA or no DMCA, this program should be ensured its place on the Internet. Not because it's a piracy tool, but because it's a tool promoting fair use - something the MAFIAA seems to have forgotten the existence of.

-uso.

Publish the code PGP style

[wiredlogic (135348)]

One easy runaround is to publish the code as a printed book like Zimmermann did for PGP. This takes away any "digital"-ness and reverts to normal, proper copyright law.

Re:Publish the code PGP style

[Lifthrasir (646067)]

You obviously haven't seen my handwriting . . .

Bogus take-down request

[cfulmer (3166)]

Under section 1201(b) of the DMCA, offering to the public a "technology . . . that (A) is primarily designed . . . for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title."

Section 512(c) is the part that specifies the notice-and-takedown provisions, but it appears to me that it only refers to infringing material.

Note the difference: a circumvention device is not infringing material; it can be used to infringe, but unless it contains copyrighted code, it does not infringe by itself.

Now, naming something 'BackupHDDVD' is probably enough to show its primary design. So, just like DeCSS, it's a circumvention measure. A takedown notice is just the wrong method to bring it down.

Vote with your wallet, bring down MPAA.

[liftphreaker (972707)]

Yeah I know we're drooling over the resolution and quality of HD, but as a matter of principle, why note vote with your wallet and don't buy a single HD/BR movie? Or is it OK for us to be treated like criminals, in the hope that we accept such treatment?

I know for sure that I won't be buying any HD/BR media, ever, till this DRM mess is sorted out.

Mirror, mirror, on the wall...

[Lethyos (408045)]

Who has proliferated, most of all?

What the law said does not matter to **AA

[khchung (462899)]

I have to wonder why so many post here still talks about how the DMCA do not apply, how the utility is legal, etc.

Isn't it obvious by now that what DMCA and other laws really said never mattered to **AA? Lawsuits, DMCA notices, etc, are simply hammers to beat down any opposition so the **AA members can keep reaping profits with their outdated business models.

As long as the hammers are useful, it will be used. Saying that the hammer is not made to hit people is not going to help. As long as DMCA notices can take down stuff they do not like, it will be used and abused. Saying that DMCA is not applicable here is not going to help.

I don't know what should be done about these **AA tactics. However, I do know that telling a street thug that punching below the belt is unethical will be futile.

QTFairuse6

[AusIV (950840)]

If BackupHDDVD does in fact decrypt encrypted content than[sic] per the DMCA it needs a license to do that.

Quite some time ago, slashdot ran this article [slashdot.org] about a program called QTFairuse6, which uses iTunes to decrypt Fairplay music. If that argument against BackupHDDVD is valid, QTFairuse6 should be fine because iTunes is doing the decryption, and iTunes is allowed to do that. I'm sure the RIAA would disagree, and I know inconsistent arguments work better in law than my line of work (CS), but that was my immediate reaction when I read the summary.

How is it unauthorised

[Ant P. (974313)]

...When the copyright owner has given the user both the encrypted data and the key to decrypt it with? Surely if they don't want people decrypting their secret content they wouldn't do something as stupid as that, would they?

I can't unlock the door without the key!

[Dachannien (617929)]

Okay, so this software requires a decryption key in order to work. By default, it doesn't include a key, and you have to enter it yourself. So, as shipped, it does not circumvent an encryption system, because it can't decrypt a ham sandwich if it doesn't have the key. Now, if you are licensed to use the decryption, then you will have a key that you can type in, and then this software will work. If you have a key that you're not licensed to use, then that's on you, not the author of the software.

What this means is that the content cabal is asserting that they are the only ones with the right to encrypt using AACS by virtue of the fact that they are the only ones who can license others to decrypt using AACS. If I decide I want to encrypt something with AACS, I'm going to need a player that decrypts it. I don't need the content cabal's sacred keys - I just need the keys that I generate to decrypt my own work. This software provides the mechanism for applying my keys to my content.

In other words, if there's an "intellectual property" issue here, it's not copyright, and therefore, not DMCA-related. There may be applicable patents being violated here, though, which is how the content cabal keeps a strangehold on implementations of AACS (and CSS) to ensure that they fulfill their draconian content control functions like region codes and UOP.

Technically it IS illegal.

[Jartan (219704)]

The problem is they are correct that this IS illegal. The DMCA is a law and it prohibits this activity. Now of course the DMCA itself is illegal as well which means they'll just use it as a club against someone but drop the case before it can be proved unconstitutional.

Not illegal

[ajs318 (655362)]

The important phrase is "without the authority of the copyright holder". If you own the disc, you are entitled by sole virtue of ownership to use it for its rightful purpose -- which (assuming it is just an ordinary, home-viewing sell-through disc) is to watch the movie stored on it, in private. The copyright holder cannot prevent you from doing that, without rendering the disc unfit for its rightful purpose (and therefore owing you a refund of the purchase price you paid).

Go ahead and decrypt. Either you do have the authority of the copyright holder, or the disc is unfit for purpose and you are owed a full refund. In either case, you will find your purchase receipt very helpful.

Re:So what?

[idonthack (883680)]

A man has to run from the law because he wrote a program that lets people watch videos, and you can't find anything wrong with that?

Re:So what?

[burnin1965 (535071)]

Technically, he wrote a program that enables one to violate the rights of content creators.

Technically Toshiba has created a device which makes it possible for someone to violate the rights of content creators by playing an HD DVD movie in front of an audience using a Toshiba HD DVD player and a big screen HD TV.

And technically speaking just because a law is passed by the Congress doesn't mean it is constituionally legal.

burnin

Re:So what?

[civilizedINTENSITY (45686)]

His point was that if you take that player outside and have a block party, you've just used said device to violate copyright. Can't even have a movie day at the Library with materials in the library (although you can still read to children there...)

Re:So what?

[Hal_Porter (817932)]

Can't even have a movie day at the Library with materials in the library (although you can still read to children there...)

Technically, under the DMCA, you have to brainwipe the children afterwards.

Re:So what?

[BronsCon (927697)]

Technically, he wrote a program that enables one to violate the rights of content creators.

Technically, it needs the keys in order to decrypt the media. The supposed illegality of this is speculative, at best as it circumvents nothing.

If the program decrypted the content without input from the user, in the form of keys, it certainly would enable one to violate the rights of copyright holders.

Of course, you can probably google for the keys needede to decrypt at least a few discs (I really don't care, since I don't have the proper discs or drive, anyway), but, if you're going to do that, you may as well just grab the .torrent while you're at it.

I guess, next, they'll go after Plasmon, MTS, Mitsubishi and others for making HD-DVD glass-master and pressing equipment, which can be used to make illegal copies as well? And many an AC on /. will support them for it, regardless of the fact that this is the same equipment used to make the original; without it, there would be nothing to copy.

Re:I should... - the cartoon version

[Adeptus_Luminati (634274)]

I have a fox-trot cartoon clip in my cubicle

In it, the kid is sitting at his computer rubbing his hands and licking his lips. His mother asks him what he is is doing...

Mother: What are you doing?
Kid: I'm creating digital music. The first song I'll call "0" and the second I'll call "1".
Kid: Anybody who then publishes CDs with replicas of my content will be sued for Trillions of dollars due to Billions of instances of copyright infringements! MPAA & RIAA will be my first victims.
Mother: Remind me not to allow you to go to law school.
Kid: Ahhhh! To live in America! (dollar signs in his eyes).

Adeptus